|
Posted by Intuitive on November 1, 2007, 7:49 am
If you were Registered and logged in, you could reply and use other advanced thread options
El CiD wrote:
> Hello,
>
> Does anyone here have any sort of experience setting up a cisco 4400
> and windows 2003 radius serveR? is this eve possible at all?
>
> thanks
>
>
Hi El,
I have such running here at home, with a 4500 series Router, which used
to authenticate to my Windows 2003 RADIUS server.
The configuration is still the same, although the RADIUS server is down.
Obviously, the RADIUS group in Windows was called "LANAUTH", and it's IP
address was 10.0.0.35
Here is the config:
version 12.2
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname 4500
!
aaa new-model
aaa group server radius LANAUTH
server 10.0.0.35 auth-port 1645 acct-port 1646
server 10.0.0.35 auth-port 1812 acct-port 1813
!
aaa authentication login default line
aaa authentication ppp default group LANAUTH local
enable secret 5 $1$clI3$Tb.5TjGUEy9KNfaiz2kRH/
!
username bigboss password 7 12532F030618040521322525263B2B4253
ip subnet-zero
no ip domain-lookup
ip domain-name intuitive.geek.nz
!
frame-relay switching
vpdn enable
!
vpdn-group MAHATMA
! Default PPTP VPDN group
accept-dialin
protocol pptp
virtual-template 1
!
!
!
!
!
interface Loopback0
ip address 5.5.5.5 255.255.255.255
!
interface Ethernet0
bandwidth 10000
ip address 10.0.0.10 255.255.255.192
ip directed-broadcast
media-type 10BaseT
!
interface Ethernet1
ip address 10.0.0.65 255.255.255.192
media-type 10BaseT
!
interface Virtual-Template1
ip unnumbered Ethernet0
peer default ip address pool LANCLIENT
ppp encrypt mppe auto required
ppp authentication chap pap ms-chap
!
interface Serial0
description TO_BOTTOM_SO
bandwidth 1544
no ip address
ip directed-broadcast
no ip mroute-cache
no keepalive
clockrate 64000
!
interface Serial1
description TO_TOP_S0
bandwidth 1544
no ip address
ip directed-broadcast
encapsulation frame-relay
no ip mroute-cache
no keepalive
clockrate 64000
no frame-relay inverse-arp
frame-relay intf-type dce
frame-relay route 122 interface Serial2 221
frame-relay route 123 interface Serial3 321
!
interface Serial2
no ip address
encapsulation frame-relay
no keepalive
clockrate 64000
no frame-relay inverse-arp
frame-relay intf-type dce
frame-relay route 221 interface Serial1 122
frame-relay route 456 interface Serial3 654
!
interface Serial3
no ip address
encapsulation frame-relay
no keepalive
clockrate 64000
no frame-relay inverse-arp
frame-relay intf-type dce
frame-relay route 321 interface Serial1 123
frame-relay route 654 interface Serial2 456
!
interface Serial4
no ip address
shutdown
!
interface Serial5
no ip address
no keepalive
shutdown
!
interface Serial6
no ip address
shutdown
!
interface Serial7
no ip address
shutdown
!
ip local pool LANCLIENT 10.0.0.11 10.0.0.22
ip classless
ip route 0.0.0.0 0.0.0.0 10.0.0.1 permanent
no ip http server
!
ip radius source-interface Virtual-Template1
logging trap warnings
logging 10.0.0.33
arp 10.0.0.9 000a.8a7e.9780 ARPA
arp 10.0.0.1 0011.f5f5.bb94 ARPA
arp 10.0.0.35 0009.6b37.9606 ARPA
arp 10.0.0.33 0008.a19c.7201 ARPA
no cdp run
radius-server host 10.0.0.35 auth-port 1812 acct-port 1813 key 7
1061242D2423212A38
!
line con 0
exec-timeout 0 0
password 7 13161F13001505273E2A21
line aux 0
exec-timeout 0 0
modem InOut
no exec
transport input all
stopbits 1
flowcontrol hardware
line vty 0 4
password 7 095F4608121C161F1E020D
line vty 5 14
line vty 15
password 7 11504C5445421F
!
| 
Yahoo! 
Google 
Windows Live 
del.icio.us 
digg 
Netscape 
XML site map